Publication: Detección automática de sitios web fraudulentos
Loading...
Official URL
Full text at PDC
Publication Date
2020-06
Advisors (or tutors)
Editors
Journal Title
Journal ISSN
Volume Title
Publisher
Citations
Exportar
Abstract
A lo largo de los últimos años se ha observado un aumento considerable en las comunicaciones y operaciones que se realizan diariamente a través de Internet. Las redes sociales o el comercio electrónico son un ejemplo del tipo de gestiones que se pueden llevar a cabo en la red. Este aumento ha supuesto que cada año sean más frecuentes los ataques de phishing. Estos ataques utilizan ingeniería social para robar información personal o confidencial al usuario, haciéndose pasar por una empresa o persona de confianza. Durante la pandemia declarada por el brote de Coronavirus Desease (COVID19), debido al aumento del teletrabajo y de las compras en línea, este tipo de ataques se ha incrementado en un 5.38% [APWG20], con un máximo de 59,525 sitios web fraudulentos detectados en un solo día. Por eso cada día es más importante el desarrollo de herramientas que permitan detectar estos ataques. Actualmente existen sistemas de detección basados en listas negras que son muy potentes, pero que no tienen la capacidad de detectar páginas web de phishing en tiempo real, algo necesario cuando la duración media de una página web de phishing es en torno a 20 horas [MC07]. También, existen sistemas de detección basados en algoritmos de aprendizaje automático, que extraen características de las páginas web de phishing y desarrollan un modelo que permite predecir si una página web es maliciosa o no. Este tipo de sistemas de detección permite identificar páginas web fraudulentas en tiempo real. Este trabajo propone un sistema de detección que combina ambos métodos. Primero se comprueba que la página web sospechosa no está en la lista negra localizada en una base de datos almacenada localmente. En caso de no ser encontrada se realiza una búsqueda en la base de datos de Google Safe Browsing. Si la respuesta es negativa se utiliza un modelo de predicción para categorizar la página como phishing o no phishing. El modelo ha sido seleccionado tras probar 12 algoritmos diferentes de aprendizaje automático a los cuales se les ha suministrado características extraídas de la dirección de la página web y del modelo de objeto de documento. Posteriormente se comparan los resultados del modelo con un conjunto de trabajos seleccionados. El mejor resultado se ha obtenido con el algoritmo de Bosques aleatorios o Random Forest. Se ha logrado un porcentaje de aciertos del 90.6%, un porcentaje de falsos positivos del 2.35% y una precisión de 95,50%.
Over the last few years, there has been a considerable increase in communications and operations carried out through the Internet. Social networks or electronic commerce are an example of the type of management that can be carried out online. This increase is reflected in the fact that fraud attacks are more frequent every year. These attacks use social engineering strategies to steal sensitive information from the users pretending to be a trusted company or person. During the pandemic declared by the COVID-19 outbreak due to the increase of telecommuting and online shopping, these type of attacks have increased by 5.38% [APWG20] with a maximum of 59,525 fraudulent websites detected in a single day. That is why the development of tools that detect phishing attacks has never been more important than it is now. There are currently blacklist detection systems that are very powerful, but do not have the ability to detect phishing web pages in real time, something necessary when the average duration of a phishing web page is around 20 hours [MC07]. There are also detection systems based on machine learning algorithms, which extract features from phishing web pages and, through machine learning algorithms, develop a model that allows predicting whether a web page is malicious or not. This type of detection systems allow to detect phishing web pages in real time. We propose a detection system that combines both systems. First we check that the suspicious web page is not on our blacklist, which is localized in our database. If it is not found, we search it in the Google Safe Browsing database. If the answer is negative, we use a prediction model to categorize the page as phish or non-phish. The model has been selected after testing 12 different machine learning algorithms which have been provided with features extracted from the web page address and the document object model. Later, we compare the results of the model with a set of selected papers. The best result has been obtained using the Random Forest algorithm. We achieved a percentage of true positives of 90.6% a percentage of false positives of 2.35% and a percentage of accuracy of 95,50%.
Over the last few years, there has been a considerable increase in communications and operations carried out through the Internet. Social networks or electronic commerce are an example of the type of management that can be carried out online. This increase is reflected in the fact that fraud attacks are more frequent every year. These attacks use social engineering strategies to steal sensitive information from the users pretending to be a trusted company or person. During the pandemic declared by the COVID-19 outbreak due to the increase of telecommuting and online shopping, these type of attacks have increased by 5.38% [APWG20] with a maximum of 59,525 fraudulent websites detected in a single day. That is why the development of tools that detect phishing attacks has never been more important than it is now. There are currently blacklist detection systems that are very powerful, but do not have the ability to detect phishing web pages in real time, something necessary when the average duration of a phishing web page is around 20 hours [MC07]. There are also detection systems based on machine learning algorithms, which extract features from phishing web pages and, through machine learning algorithms, develop a model that allows predicting whether a web page is malicious or not. This type of detection systems allow to detect phishing web pages in real time. We propose a detection system that combines both systems. First we check that the suspicious web page is not on our blacklist, which is localized in our database. If it is not found, we search it in the Google Safe Browsing database. If the answer is negative, we use a prediction model to categorize the page as phish or non-phish. The model has been selected after testing 12 different machine learning algorithms which have been provided with features extracted from the web page address and the document object model. Later, we compare the results of the model with a set of selected papers. The best result has been obtained using the Random Forest algorithm. We achieved a percentage of true positives of 90.6% a percentage of false positives of 2.35% and a percentage of accuracy of 95,50%.
Description
Trabajo de Fin de Grado en Ingeniería Informática, Facultad de Informática UCM, Departamento de Ingeniería del Software e Inteligencia Artificial, Curso 2019/2020.